        /// <summary>
        /// Serialises a freshly built AuthnRequest and checks that MessageTypeResolver maps
        /// the serialised form back to <see cref="AuthnRequest"/> when offered every concrete
        /// RequestAbstract implementation as a candidate type.
        /// </summary>
        public void AuthnRequestType_test()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local");
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);

            // candidate set: every non-abstract, non-interface type deriving from RequestAbstract
            var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

            var logger = new LogProviderMock();
            var encoder = new MessageEncoding(new DeflateCompressor());
            var serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger) as IRequestSerialiser;

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
            var authnRequest = RequestHelper.BuildRequest(authnRequestContext);
            var typeResolver = new MessageTypeResolver();

            //ACT
            var serialised = serialiser.Serialize(authnRequest);
            var resolvedType = typeResolver.ResolveMessageType(serialised, candidateTypes);

            //ASSERT
            Assert.AreEqual(typeof(AuthnRequest), resolvedType);
        }
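        /// <summary>
        /// Overrides the federation party's requested-authn-context with two
        /// AuthnContextClassRef entries (Password, PasswordProtectedTransport) under Minimum
        /// comparison and checks the built AuthnRequest carries both, in that order.
        /// </summary>
        public void BuildAuthnRequest_test_requested_authn_context_default_overwritten_multiple_contexts()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

            var requestedAuthnContextConfiguration = new Kernel.Federation.FederationPartner.RequestedAuthnContextConfiguration(AuthnContextComparisonType.Minimum.ToString());
            requestedAuthnContextConfiguration.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.Password)));
            requestedAuthnContextConfiguration.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.PasswordProtectedTransport)));
            federationContex.FederationPartyAuthnRequestConfiguration = new FederationPartyAuthnRequestConfiguration(requestedAuthnContextConfiguration, new DefaultNameId(new Uri(NameIdentifierFormats.Transient)));

            var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);

            // The returned configuration was never read. The call itself is kept because it
            // validates the context (BuildAuthnRequest_test_requested_authn_context_default
            // relies on it throwing ArgumentNullException for an incomplete context).
            federationContex.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

            //ASSERT
            Assert.NotNull(authnRequest);
            Assert.IsNotNull(authnRequest.RequestedAuthnContext);
            Assert.AreEqual(AuthnContextComparisonType.Minimum, authnRequest.RequestedAuthnContext.Comparison);
            // Items and ItemsElementName are parallel arrays; both must have one entry per context
            Assert.AreEqual(2, authnRequest.RequestedAuthnContext.Items.Length);
            Assert.AreEqual(2, authnRequest.RequestedAuthnContext.ItemsElementName.Length);
            Assert.AreEqual(AuthnContextType.AuthnContextClassRef, authnRequest.RequestedAuthnContext.ItemsElementName[0]);
            Assert.AreEqual(AuthnticationContexts.Password, authnRequest.RequestedAuthnContext.Items[0]);
            Assert.AreEqual(AuthnContextType.AuthnContextClassRef, authnRequest.RequestedAuthnContext.ItemsElementName[1]);
            Assert.AreEqual(AuthnticationContexts.PasswordProtectedTransport, authnRequest.RequestedAuthnContext.Items[1]);
        }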
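        /// <summary>
        /// Replaces the default scoping on the federation context with a single requester and a
        /// proxy count of 10, then checks the built AuthnRequest's Scoping element reflects both.
        /// </summary>
        public void BuildAuthnRequest_test_scoping_default_overwritten()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

            // PoxyCount is the project's property name (sic) for the SAML ProxyCount attribute
            federationContex.ScopingConfiguration = new Kernel.Federation.FederationPartner.ScopingConfiguration("http://localhost:59611/")
            {
                PoxyCount = 10
            };
            var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);

            // The returned configuration was never read; the call is kept so the validation it
            // performs on the context (it can throw ArgumentNullException) still runs.
            federationContex.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

            //ASSERT
            Assert.NotNull(authnRequest);
            Assert.IsNotNull(authnRequest.Scoping);
            // ProxyCount is serialised as a string on the request model
            Assert.AreEqual("10", authnRequest.Scoping.ProxyCount);
            Assert.AreEqual(1, authnRequest.Scoping.RequesterId.Length);
            Assert.AreEqual("http://localhost:59611/", authnRequest.Scoping.RequesterId[0]);
        }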
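        /// <summary>
        /// The federation party is configured with the Windows NameID format while the context
        /// only supports Transient and Persistent. With no match, the built request must fall
        /// back to the Unspecified NameID format with AllowCreate off; issuer, version and
        /// audience restriction are checked against the request configuration as well.
        /// </summary>
        public void BuildAuthnRequest_test_nameid_fortmat_no_match_from_many_entries_supported()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Windows);
            var supportedNameIdentifierFormats = new List<Uri>
            {
                new Uri(NameIdentifierFormats.Transient),
                new Uri(NameIdentifierFormats.Persistent)
            };
            var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
            var requestConfiguration = federationContex.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);
            // exactly one Conditions item is expected, and it must be an AudienceRestriction with one audience
            var audience = ((AudienceRestriction)authnRequest.Conditions.Items.Single())
                           .Audience
                           .Single();

            //ASSERT
            Assert.NotNull(authnRequest);
            Assert.AreEqual(requestConfiguration.IsPassive, authnRequest.IsPassive);
            Assert.AreEqual(requestConfiguration.ForceAuthn, authnRequest.ForceAuthn);
            Assert.AreEqual("2.0", authnRequest.Version);
            //issuer
            Assert.AreEqual(requestConfiguration.EntityId, authnRequest.Issuer.Value);
            Assert.AreEqual(NameIdentifierFormats.Entity, authnRequest.Issuer.Format);
            //audience
            Assert.AreEqual(requestConfiguration.AudienceRestriction.Count, authnRequest.Conditions.Items.Count);
            Assert.AreEqual(requestConfiguration.AudienceRestriction.Single(), audience);
            //nameIdPolicy
            Assert.IsFalse(authnRequest.NameIdPolicy.AllowCreate);
            // Assert.AreEqual takes (expected, actual); the original had them swapped, which
            // produces a misleading failure message when the format is wrong.
            Assert.AreEqual(NameIdentifierFormats.Unspecified, authnRequest.NameIdPolicy.Format);
        }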
        /// <summary>
        /// Serialises a freshly built LogoutRequest and checks MessageTypeResolver resolves the
        /// serialised form to <see cref="LogoutRequest"/> from among all concrete
        /// RequestAbstract implementations.
        /// </summary>
        public void LogoutRequestType_test_test()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local");
            var nameId = new System.IdentityModel.Tokens.Saml2NameIdentifier("testUser", new Uri(NameIdentifierFormats.Persistent));
            var logoutContext = new SamlLogoutContext(new Uri(Reasons.User), nameId, "local");
            var logoutRequestContext = new LogoutRequestContext(requestUri, new Uri("http://localhost"), federationContext, logoutContext);

            // candidate set: every non-abstract, non-interface type deriving from RequestAbstract
            var candidateTypes = ReflectionHelper.GetAllTypes(t => !t.IsAbstract && !t.IsInterface && typeof(RequestAbstract).IsAssignableFrom(t));

            var logger = new LogProviderMock();
            var encoder = new MessageEncoding(new DeflateCompressor());
            var serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger) as IRequestSerialiser;

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetLogoutRequestBuildersFactory();
            var logoutRequest = RequestHelper.BuildRequest(logoutRequestContext);
            var typeResolver = new MessageTypeResolver();

            //ACT
            var serialised = serialiser.Serialize(logoutRequest);
            var resolvedType = typeResolver.ResolveMessageType(serialised, candidateTypes);

            //ASSERT
            Assert.AreEqual(typeof(LogoutRequest), resolvedType);
        }
        /// <summary>
        /// Pushes a POST-bound LogoutRequest form through the inbound pipeline (post-binding
        /// decode, metadata resolution, request validation) and checks the result is marked
        /// validated and typed as <see cref="LogoutRequest"/>.
        /// </summary>
        public async Task ParseLogoutRequest_post_binding()
        {
            //ARRANGE
            var form = await SamlPostRequestProviderMock.BuildLogoutRequestPostForm();

            var logger = new LogProviderMock();
            var certManager = new CertificateManager(logger);
            var signatureManager = new XmlSignatureManager();

            // the only validation rule registered here is the signature check
            Func<IEnumerable<RequestValidationRule>> rulesResolver =
                () => new[] { new SignatureValidRule(logger, certManager, signatureManager) };
            var requestValidator = new Federation.Protocols.Request.Validation.RequestValidator(logger, new RuleFactory(rulesResolver));

            Func<Type, IMetadataHandler> metadataHandlerFactory = type => new MetadataEntitityDescriptorHandler();
            var configurationManager = new ConfigurationManager<MetadataBase>(new FederationPartyContextBuilderMock(), new ConfigurationRetrieverMock());

            var serialiser = new RequestSerialiser(new XMLSerialiser(), new MessageEncoding(new DeflateCompressor()), logger) as IRequestSerialiser;
            var requestParser = new RequestParser(
                metadataHandlerFactory,
                type => new LogoutRequestParser(serialiser, logger),
                configurationManager,
                logger,
                requestValidator);

            var hiddenFields = form.HiddenControls.ToDictionary(k => k.Key, v => v.Value);
            var message = await new PostBindingDecoder(logger).Decode(hiddenFields);

            var context = new SamlInboundContext
            {
                Message = message,
                DescriptorResolver = m => metadataHandlerFactory(typeof(object))
                    .GetIdentityProviderSingleSignOnDescriptor(m)
                    .Single()
                    .Roles
                    .Single()
            };

            //ACT
            var result = await requestParser.Parse(context);

            //ASSERT
            Assert.IsTrue(result.IsValidated);
            Assert.IsInstanceOf<LogoutRequest>(result.SamlRequest);
        }
        /// <summary>
        /// Builds an AuthnRequest from the default "local" context and checks that
        /// AuthnRequestSerialiser yields a non-null serialised request.
        /// </summary>
        public async Task AuthnRequestSerialiser_test()
        {
            //ARRANGE
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local");
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(new Uri("http://localhost:59611/"), federationContext, nameIdFormats);

            var logger = new LogProviderMock();
            var encoder = new MessageEncoding(new DeflateCompressor());
            var serialiser = new AuthnRequestSerialiser(new XMLSerialiser(), encoder, logger);

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

            //ACT
            var serialisedRequest = await serialiser.Serialize(authnRequest);

            //ASSERT
            Assert.NotNull(serialisedRequest);
        }
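        /// <summary>
        /// Builds the federation context with a scoping configuration of two requester IDs and
        /// proxy count 10, then checks the AuthnRequest's Scoping lists both requesters in order.
        /// </summary>
        public void BuildAuthnRequest_test_scoping_default_overwritten_2_requesters()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            // PoxyCount is the project's property name (sic) for the SAML ProxyCount attribute
            var scopingConfiguration = new ScopingConfiguration("http://localhost:59611/", "http://localhost:59612/")
            {
                PoxyCount = 10
            };
            var federationContext = federationPartyContextBuilder.BuildContext("local", scopingConfiguration);
            var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, supportedNameIdentifierFormats);

            // The returned configuration was never read; the call is kept so any validation it
            // performs on the context still runs before the request is built.
            federationContext.GetAuthnRequestConfigurationFromContext(Guid.NewGuid().ToString());

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

            //ACT
            var authnRequest = RequestHelper.BuildRequest(authnRequestContext) as AuthnRequest;

            //ASSERT
            Assert.NotNull(authnRequest);
            Assert.IsNotNull(authnRequest.Scoping);
            Assert.AreEqual("10", authnRequest.Scoping.ProxyCount);
            Assert.AreEqual(2, authnRequest.Scoping.RequesterId.Length);
            Assert.AreEqual("http://localhost:59611/", authnRequest.Scoping.RequesterId[0]);
            Assert.AreEqual("http://localhost:59612/", authnRequest.Scoping.RequesterId[1]);
        }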
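        /// <summary>
        /// Reads the signed (unencrypted) assertion fixture through the mocked Saml2 security
        /// token handler, configured for the "testshib" party, and checks an assertion is returned.
        /// </summary>
        public void DeserialiseTokenTest_signed_only_assertion_read_assertion()
        {
            //ARRANGE
            var path = FileHelper.GetSignedAssertion();
            var certValidator = new CertificateValidatorMock();
            var logger = new LogProviderMock();
            var certManager = new CertificateManager(logger);
            // certificate validation is mocked out: this test covers parsing, not trust
            certManager.CertificateValidator = certValidator;
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();

            var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certManager);
            var configuration = tokenHandlerConfigurationProvider.GetConfiguration("testshib");
            var saml2SecurityTokenHandler = new SecurityTokenHandlerMock();
            saml2SecurityTokenHandler.SetConfiguration(configuration);

            // Both readers hold the fixture file open; dispose them so the handle is released even
            // when GetAssertion throws. XmlReader.Create(path) uses default settings, which keep
            // DTD processing prohibited — appropriate for assertion input.
            using (var xmlReader = XmlReader.Create(path))
            using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
            {
                //ACT
                var assertion = saml2SecurityTokenHandler.GetAssertion(reader);

                //Assert
                Assert.NotNull(assertion);
            }
        }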
        /// <summary>
        /// Round-trips a built AuthnRequest through RequestSerialiser (serialise, then
        /// deserialise as AuthnRequest) and checks the issuer value survives the round trip.
        /// </summary>
        public void AuthnRequestSerialiser_test()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local");
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);

            var logger = new LogProviderMock();
            var encoder = new MessageEncoding(new DeflateCompressor());
            var serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger) as ISerializer;

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
            var authnRequest = RequestHelper.BuildRequest(authnRequestContext);

            //ACT
            var serialised = serialiser.Serialize(authnRequest);
            var roundTripped = serialiser.Deserialize<AuthnRequest>(serialised);

            //ASSERT
            Assert.NotNull(serialised);
            Assert.AreEqual(authnRequest.Issuer.Value, roundTripped.Issuer.Value);
        }
        /// <summary>
        /// Builds a successful SP-initiated token response, signs it with the mock certificate,
        /// packages it with serialised relay state into a POST form, and runs it through the
        /// response parser; checks the parsed result reports as validated.
        /// </summary>
        public async Task ParseTokenResponse_post_binding_sp_initiated()
        {
            //ARRANGE
            var inResponseTo = Guid.NewGuid().ToString();
            var logger = new LogProviderMock();

            // build and sign the response document (the document is the test's own output)
            var response = ResponseFactoryMock.GetTokenResponseSuccess(inResponseTo, StatusCodes.Success);
            var serialised = ResponseFactoryMock.Serialize(response);
            var document = new XmlDocument();
            document.LoadXml(serialised);
            var cert = AssertionFactroryMock.GetMockCertificate();
            new XmlSignatureManager().SignXml(document, response.ID, cert.PrivateKey, null);
            var base64Encoded = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(document.DocumentElement.OuterXml));

            // relay state, serialised with the same encoder the outbound pipeline uses
            var encoder = new MessageEncoding(new DeflateCompressor());
            var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
            var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
            var relayState = await relayStateSerialiser.Serialize(new Dictionary<string, object> { { "Key", "Value" } });

            var form = new SAMLForm();
            form.SetResponse(base64Encoded);
            form.SetRelatState(relayState);

            // parser pipeline: the only validation rule registered is the response-signature check
            Func<Type, IMetadataHandler> metadataHandlerFactory = type => new MetadataEntitityDescriptorHandler();
            var certManager = new CertificateManager(logger);
            var signatureManager = new XmlSignatureManager();
            Func<IEnumerable<ResponseValidationRule>> rulesResolver =
                () => new[] { new ResponseSignatureRule(logger, certManager, signatureManager) };
            var validator = new Federation.Protocols.Response.Validation.ResponseValidator(logger, new RuleFactory(rulesResolver));
            var configurationManger = new ConfigurationManager<MetadataBase>(new FederationPartyContextBuilderMock(), new ConfigurationRetrieverMock());
            var relayStateHandler = new RelayStateHandler(relayStateSerialiser, logger);
            var responseParser = new ResponseParser(
                metadataHandlerFactory,
                type => new SamlTokenResponseParser(logger),
                configurationManger,
                relayStateHandler,
                logger,
                validator);

            var hiddenFields = form.HiddenControls.ToDictionary(k => k.Key, v => v.Value);
            var message = await new PostBindingDecoder(logger).Decode(hiddenFields);
            var context = new SamlInboundContext
            {
                Message = message,
                DescriptorResolver = m => metadataHandlerFactory(typeof(object))
                    .GetIdentityProviderSingleSignOnDescriptor(m)
                    .Single()
                    .Roles
                    .Single()
            };

            //ACT
            var result = await responseParser.Parse(context);

            //ASSERT
            Assert.IsTrue(result.IsValidated);
        }
        /// <summary>
        /// Resolves the metadata configuration for a federation party through
        /// ConfigurationManager (mock context builder and retriever) and checks one is returned.
        /// </summary>
        public async Task ManagerTest()
        {
            //ARRANGE
            const string federationPartyId = "imperial.ac.uk";
            var configurationManager = new ConfigurationManager<MetadataBase>(
                new FederationPartyContextBuilderMock(),
                new ConfigurationRetrieverMock());

            //ACT
            MetadataBase configuration = await configurationManager.GetConfigurationAsync(federationPartyId);

            //ASSERT
            Assert.IsNotNull(configuration);
        }
        /// <summary>
        /// With a context built only from a NameID format (no request configuration set),
        /// GetRequestConfigurationFromContext is expected to reject it with ArgumentNullException.
        /// </summary>
        public void BuildAuthnRequest_test_requested_authn_context_default()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local", NameIdentifierFormats.Transient);
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            // built for parity with the other builder tests; the assertion only needs the federation context
            var authnRequestContext = new AuthnRequestContext(requestUri, federationContext, nameIdFormats);

            //ACT + ASSERT
            Assert.Throws<ArgumentNullException>(() => federationContext.GetRequestConfigurationFromContext());
        }
        /// <summary>
        /// Builds the federation context with an explicitly null RequestedAuthnContextConfiguration
        /// and checks the resolved authn-request configuration carries no requested context.
        /// </summary>
        public void BuildAuthnRequest_test_requested_authn_context_default()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local", (RequestedAuthnContextConfiguration)null);
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            // built for parity with the other builder tests; the assertion only needs the federation context
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);

            //ACT
            var requestId = Guid.NewGuid().ToString();
            var config = federationContext.GetAuthnRequestConfigurationFromContext(requestId);

            //ASSERT
            Assert.IsNull(config.RequestedAuthnContextConfiguration);
        }
        /// <summary>
        /// Runs RelayStateAppender over a fresh AuthnRequestContext and checks the relay state
        /// ends up with three entries: the federation party id, the request id and the request URI.
        /// </summary>
        public async Task BuildRelayStateTest()
        {
            //ARRANGE
            var logger = new LogProviderMock();
            var handler = new RelayStateAppender(logger);
            var contextBuilder = new FederationPartyContextBuilderMock();
            var configuration = contextBuilder.BuildContext("local");
            var localhost = new Uri("http://localhost");
            var authnRequestContext = new AuthnRequestContext(localhost, localhost, configuration, new[] { localhost });

            //ACT
            await handler.BuildRelayState(authnRequestContext);

            //ASSERT
            var relayState = authnRequestContext.RelyingState;
            Assert.AreEqual(3, relayState.Count);
            Assert.AreEqual("local", relayState["federationPartyId"]);
            // entries 1 and 2 are checked by position, so insertion order matters here
            Assert.AreEqual(authnRequestContext.RequestId, relayState.ElementAt(1).Value);
            // Uri.ToString() renders "http://localhost" with a trailing slash
            Assert.AreEqual("http://localhost/", relayState.ElementAt(2).Value.ToString());
        }
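        /// <summary>
        /// Deserialises the most recent encrypted-assertion capture from a local directory via
        /// TokenSerialiser (configured for "testshib") and checks a token is produced.
        /// </summary>
        public void DeserialiseTokenTest_Encrypted_assertion()
        {
            //ARRANGE
            // NOTE(review): machine-specific absolute path; this test only runs where that
            // directory exists. A fixture helper like FileHelper.GetEncryptedAssertionFilePath()
            // would make it portable.
            var dirPath = @"D:\Dan\Software\Apira\Assertions\";
            var path = FileHelper.GetLastesFile(dirPath);
            var certValidator = new CertificateValidatorMock();
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certValidator);
            var tokenSerialiser = new TokenSerialiser(tokenHandlerConfigurationProvider);

            // Both readers hold the capture file open; dispose them so the handle is released even
            // when deserialisation throws.
            using (var xmlReader = XmlReader.Create(path))
            using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
            {
                //ACT
                var token = tokenSerialiser.DeserialiseToken(reader, "testshib");

                //Assert
                Assert.NotNull(token);
            }
        }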
        /// <summary>
        /// Builds the federation context with assertion-consumer-service index 1 and checks the
        /// resulting AuthnRequest carries that index, with a requested-authn-context still present.
        /// </summary>
        public void BuildAuthnRequest_test_default_overwritten_intex_endpoint()
        {
            //ARRANGE
            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local", 1);
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();

            //ACT
            var requestId = Guid.NewGuid().ToString();
            var config = federationContext.GetAuthnRequestConfigurationFromContext(requestId);
            var authnRequest = RequestHelper.BuildRequest(authnRequestContext) as AuthnRequest;

            //ASSERT
            Assert.IsNotNull(config.RequestedAuthnContextConfiguration);
            Assert.AreEqual(1, authnRequest.AssertionConsumerServiceIndex);
        }
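        /// <summary>
        /// Reads the most recent signed-assertion capture from a local directory through the
        /// mocked Saml2 security token handler (configured for "testshib") and checks an
        /// assertion is returned.
        /// </summary>
        public void DeserialiseTokenTest_signed_only_assertion_read_assertion()
        {
            //ARRANGE
            // NOTE(review): machine-specific absolute path; this test only runs where that
            // directory exists. A fixture helper like FileHelper.GetSignedAssertion() would make
            // it portable.
            var dirPath = @"D:\Dan\Software\Apira\Assertions\Local\";
            var path = FileHelper.GetLastesFile(dirPath);
            var certValidator = new CertificateValidatorMock();
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();

            var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certValidator);
            var configuration = tokenHandlerConfigurationProvider.GetConfiguration("testshib");
            var saml2SecurityTokenHandler = new SecurityTokenHandlerMock();
            saml2SecurityTokenHandler.SetConfiguration(configuration);

            // Both readers hold the capture file open; dispose them so the handle is released even
            // when GetAssertion throws.
            using (var xmlReader = XmlReader.Create(path))
            using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
            {
                //ACT
                var assertion = saml2SecurityTokenHandler.GetAssertion(reader);

                //Assert
                Assert.NotNull(assertion);
            }
        }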
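        /// <summary>
        /// Deserialises the encrypted-assertion fixture via TokenSerialiser, with certificate
        /// validation mocked out and the "testshib" party configuration, and checks a token is produced.
        /// </summary>
        public void DeserialiseTokenTest_Encrypted_assertion()
        {
            //ARRANGE
            var path = FileHelper.GetEncryptedAssertionFilePath();
            var certValidator = new CertificateValidatorMock();
            var logger = new LogProviderMock();
            var certManager = new CertificateManager(logger);
            // certificate validation is mocked out: this test covers decryption/parsing, not trust
            certManager.CertificateValidator = certValidator;
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var tokenHandlerConfigurationProvider = new TokenHandlerConfigurationProvider(federationPartyContextBuilder, certManager);
            var tokenSerialiser = new TokenSerialiser(tokenHandlerConfigurationProvider);

            // Both readers hold the fixture file open; dispose them so the handle is released even
            // when deserialisation throws. XmlReader.Create(path) uses default settings, which
            // keep DTD processing prohibited — appropriate for assertion input.
            using (var xmlReader = XmlReader.Create(path))
            using (var reader = XmlReader.Create(xmlReader, xmlReader.Settings))
            {
                //ACT
                var token = tokenSerialiser.DeserialiseToken(reader, "testshib");

                //Assert
                Assert.NotNull(token);
            }
        }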
        /// <summary>
        /// End-to-end HTTP-POST binding test: builds an AuthnRequest, appends relay state, signs
        /// the form and dispatches it to a capturing delegate; then checks the action URL, the
        /// relay-state round trip and the signature over the SAMLRequest field against the SP's
        /// default signing certificate from metadata.
        /// </summary>
        public async Task Post_end_to_end_test()
        {
            //ARRANGE
            var isValid = false;
            var url = String.Empty;
            IDictionary<string, object> relayState = null;
            var builders = new List<IPostClauseBuilder>();

            var requestUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var federationContext = contextBuilder.BuildContext("local");
            var spDescriptor = federationContext.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
            // the default signing key descriptor is what the dispatched request must verify against
            var certContext = spDescriptor.KeyDescriptors
                .First(x => x.Use == KeyUsage.Signing && x.IsDefault)
                .CertificateContext;
            var nameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContext, nameIdFormats);
            authnRequestContext.RelyingState.Add("relayState", "Test state");

            var logger = new LogProviderMock();
            var encoder = new MessageEncoding(new DeflateCompressor());
            var serialiser = new RequestSerialiser(new XMLSerialiser(), encoder, logger);

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
            builders.Add(new SamlRequestBuilder(serialiser));

            //relay state builder
            var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
            var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
            builders.Add(new RelayStateBuilder(relayStateSerialiser));

            //signature builder
            var certificateManager = new CertificateManager(logger);
            builders.Add(new SignatureBuilder(certificateManager, logger, new XmlSignatureManager()));

            //context
            var outboundContext = new HttpPostRequestContext(new SAMLForm())
            {
                BindingContext = new RequestPostBindingContext(authnRequestContext),
                DespatchDelegate = form =>
                {
                    url = form.ActionURL;
                    var samlForm = (SAMLForm)form;
                    var request = samlForm.HiddenControls[HttpRedirectBindingConstants.SamlRequest];
                    var state = samlForm.HiddenControls[HttpRedirectBindingConstants.RelayState];
                    // NOTE(review): blocks on the async deserialisation inside the callback.
                    // Left as-is because it is not established here whether the dispatcher
                    // awaits the delegate's Task; an async lambda would be the cleaner form.
                    var deserialise = relayStateSerialiser.Deserialize(state);
                    deserialise.Wait();
                    relayState = deserialise.Result as IDictionary<string, object>;
                    var cert = certificateManager.GetCertificateFromContext(certContext);
                    isValid = this.VerifySignature(request, cert);
                    return Task.CompletedTask;
                }
            };

            //dispatcher
            var dispatcher = new PostRequestDispatcher(() => builders, logger);

            //ACT
            await dispatcher.SendAsync(outboundContext);

            //ASSERT
            Assert.AreEqual(url, requestUri.AbsoluteUri);
            Assert.IsTrue(relayState.SequenceEqual(authnRequestContext.RelyingState));
            Assert.IsTrue(isValid);
        }
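        /// <summary>
        /// Exercises the HTTP-Redirect binding end to end: an AuthnRequest is built through the
        /// redirect clause builders (request, deflate encoding, relay state, signature), handed to
        /// <see cref="RedirectRequestDispatcher"/>, and inspected in the despatch callback.
        /// The test passes when the redirect targets <c>requestUri</c> and the query-string
        /// signature verifies against the SP descriptor's default signing certificate.
        /// </summary>
        /// <remarks>
        /// Signature verification is delegated to this fixture's <c>VerifySignature</c> helper,
        /// which is defined outside this method. No real redirect is performed; the despatch
        /// delegate only captures the URL the dispatcher would have sent.
        /// </remarks>
        public async Task Redirect_end_to_end_test()
        {
            //ARRANGE
            var isValid = false;
            var url = string.Empty;
            var builders = new List<IRedirectClauseBuilder>();

            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var federationContex = federationPartyContextBuilder.BuildContext("local");
            var spDescriptor = federationContex.MetadataContext.EntityDesriptorConfiguration.SPSSODescriptors.First();
            // Verify against the descriptor's default signing key only, not any key the SP publishes.
            var certContext = spDescriptor.KeyDescriptors
                .Where(x => x.Use == KeyUsage.Signing && x.IsDefault)
                .Select(x => x.CertificateContext)
                .First();
            var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
            authnRequestContext.RelyingState.Add("relayState", "Test state");

            var xmlSerialiser = new XMLSerialiser();
            var compressor = new DeflateCompressor();
            var encoder = new MessageEncoding(compressor);
            var logger = new LogProviderMock();
            var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
            builders.Add(new SamlRequestBuilder(serialiser));

            //request compression builder
            builders.Add(new RequestEncoderBuilder(encoder));

            //relay state builder
            var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
            var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
            builders.Add(new RelayStateBuilder(relayStateSerialiser));

            //signature builder (last in the chain, as in the other redirect tests)
            var certificateManager = new CertificateManager(logger);
            builders.Add(new SignatureBuilder(certificateManager, logger));

            //context
            var outboundContext = new HttpRedirectRequestContext
            {
                BindingContext = new RequestBindingContext(authnRequestContext),
                DespatchDelegate = redirectUri =>
                {
                    // Capture the target and the signed query instead of following the redirect.
                    url = redirectUri.GetLeftPart(UriPartial.Path);
                    var query = redirectUri.Query.TrimStart('?');
                    var cert = certificateManager.GetCertificateFromContext(certContext);
                    isValid = this.VerifySignature(query, cert, certificateManager);
                    return Task.CompletedTask;
                }
            };

            //dispatcher
            var dispatcher = new RedirectRequestDispatcher(() => builders);

            //ACT
            await dispatcher.SendAsync(outboundContext);

            //ASSERT (expected value first so a failure message reads correctly)
            Assert.AreEqual(requestUri.AbsoluteUri, url);
            Assert.IsTrue(isValid, "Redirect query-string signature did not verify against the SP default signing certificate.");
        }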
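        /// <summary>
        /// Round-trips an AuthnRequest through the HTTP-Redirect binding without a dispatcher:
        /// every redirect clause builder is applied to a <see cref="RequestBindingContext"/>,
        /// the resulting destination URL is fed to <see cref="RedirectBindingDecoder"/>, and the
        /// decoded RelayState and SAMLRequest elements are compared with the parts the
        /// builders wrote into the context.
        /// </summary>
        /// <remarks>
        /// The decoder is exercised only on a URL this test produced itself, so this checks
        /// encode/decode symmetry; it does not cover malformed input reaching the decoder.
        /// </remarks>
        public async Task DecodeTest()
        {
            //ARRANGE
            var builders = new List<IRedirectClauseBuilder>();

            var requestUri = new Uri("http://localhost:59611/");
            var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
            var federationContex = federationPartyContextBuilder.BuildContext("local");
            var supportedNameIdentifierFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var authnRequestContext = new AuthnRequestContext(requestUri, new Uri("http://localhost"), federationContex, supportedNameIdentifierFormats);
            // RelayState travels through the binding and is asserted on after decoding.
            authnRequestContext.RelyingState.Add("relayState", "Test state");

            var xmlSerialiser = new XMLSerialiser();
            var compressor = new DeflateCompressor();
            var encoder = new MessageEncoding(compressor);
            var logger = new LogProviderMock();
            var serialiser = new RequestSerialiser(xmlSerialiser, encoder, logger);

            RequestHelper.GetAuthnRequestBuilders = AuthnRequestBuildersFactoryMock.GetAuthnRequestBuildersFactory();
            builders.Add(new SamlRequestBuilder(serialiser));

            //request compression builder
            builders.Add(new RequestEncoderBuilder(encoder));

            //relay state builder
            var jsonSerialiser = new NSJsonSerializer(new DefaultSettingsProvider());
            var relayStateSerialiser = new RelaystateSerialiser(jsonSerialiser, encoder, logger) as IRelayStateSerialiser;
            builders.Add(new RelayStateBuilder(relayStateSerialiser));

            //signature builder (last in the chain, as in the other redirect tests)
            var certificateManager = new CertificateManager(logger);
            builders.Add(new SignatureBuilder(certificateManager, logger));

            // Apply the builders in list order, exactly as they were registered.
            var bindingContext = new RequestBindingContext(authnRequestContext);
            foreach (var builder in builders)
            {
                await builder.Build(bindingContext);
            }

            var decoder = new RedirectBindingDecoder(logger, encoder);

            //ACT
            var message = await decoder.Decode(bindingContext.GetDestinationUrl());

            var stateFromResult = message.Elements[HttpRedirectBindingConstants.RelayState];
            var stateFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.RelayState];
            var requestFromContext = bindingContext.RequestParts[HttpRedirectBindingConstants.SamlRequest];
            // The context holds the encoded request; decode it with the same encoder so both
            // sides of the comparison are in the same form.
            var decoded = await encoder.DecodeMessage(requestFromContext);

            //ASSERT (expected value first so a failure message reads correctly)
            Assert.IsNotNull(stateFromResult);
            Assert.AreEqual(stateFromContext, stateFromResult);
            Assert.AreEqual(decoded, message.Elements[HttpRedirectBindingConstants.SamlRequest]);
        }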